Author

Topic: HELP REQUEST: Anyone willing to stress test ExamSoft's program security? (Read 87 times)

jr. member
Activity: 63
Merit: 1
Hey everyone,

In case you don't know what ExamSoft is, it is a company that provides 'high stakes' test-taking software. It is heavily used in the administration of the bar exam for lawyers and for final exams for law students. Their current version of the software is a new version called "Examplify". Examplify was used in the February 2018 bar exam and required a series of "URGENT" updates about a week before the exam; during the exam, the software became extremely buggy. The software is essentially repurposed ransomware. When the program is installed and running, it acts like a virus. The company and my law school simply tell us to trust them that it is okay. Furthermore, ExamSoft's terms and conditions state that they will comply with law enforcement orders, etc. after stating that they do not retain personal information.

After doing some digging, I was able to uncover a tiny bit about how the software works (this is an email from their customer support to my law school):

"Examplify is a computer-based testing application with the main benefit being a secure, offline testing capability. The ability to provide a secure, "locked down" testing environment is a priority for our clients, and one of ExamSoft's main selling points. Due to this need, the Examplify software does edit registry entries on the user's device when running in "secure" mode. These registry entries are added to put the computer in a secure mode where only the Examplify application can run. This limits the user's access to all other areas of their device, including their background image, file libraries, or any other applications on the computer. Students are warned at the start of an exam before entering this mode. As part of Examplify's processes, the application cleans up registry entries created at the end of usage returning the device to its initial state and ensuring there is no permanent changes to the registry. In addition to the changes to the registry, Examplifydisables certain services on the device to limit internet access and interference with the security of the exam. We also save content to specific Examplify folders on the device. During the exam, Examplify logs the applications that are open when going into Secure mode. We also log computer details, including OS specifications. Outside of these changes and the saving of our own data and logs (including the information just mentioned), we do not actively copy or store any other information from the device, including personal files, drivers, or other user data."

Request: I am hoping someone with technical digital security know-how is willing to stress test the Examplify software for me and look for anything weird. I'm not asking for you to hack their system, just to download the file from their website (if you need credentials to download, message me and I can send some over) and look under the hood to see if someone pissed in the engine. People in law do not think about this and I do not trust the word of a bunch of lawyer wanna-be's that my personal info is safe. I also do not have the technical know-how to accomplish this on my own.

To explain why I am wary, ExamSoft has had a LOT of problems over the past couple years; a brief list of issues is compiled below:

1. Examsoft messed up my computer: https://www.reddit.com/r/LawSchool/comments/4hs94w/examsoft_messed_up_my_computer/

2. Exam Soft malfunction during first and last 1L finals: http://www.top-law-schools.com/forums/viewtopic.php?f=3&t=200514

3. Bar Exam Software Debacle Causes Testing Delays Across The Country (Feb 2018 bar exam debacle WITH EXAMPLIFY): https://abovethelaw.com/2018/03/bar-exam-software-debacle-causes-testing-delays-across-the-country/ ("On the first day of the exam, test-takers were faced with widespread outages of ExamSoft’s Examplify software, which caused exam delays in several jurisdictions. Thousands of bar candidates were wide-eyed with worry when they tried to begin their essays and their exam applications didn’t work — at all. This mess all started with a series of “URGENT” updates to ExamSoft that were made less than a week before the exam was slated to begin...").

4. The Biggest Bar Exam Disaster Ever? ExamSoft Makes Everyone’s Life Hard: https://abovethelaw.com/2014/07/bar-exam-disaster-examsoft-makes-everyones-life-hard/ (covering ExamSoft's massive error in the 2014 bar exam testing period). See also https://theconcourse.deadspin.com/bar-exam-tech-disaster-inspires-lawsuit-threats-operat-1613129108

5. TobyInHR, Exam day horror stories, Reddit (posted 3 months ago): https://www.reddit.com/r/LawSchool/comments/7lb1q8/exam_day_horror_stories/ ("2 out of my three Examplify exams crashed on me last week. The only one that didn't was a Scantron multiple choice test (needed to use Examplify to track our time, since it was self-scheduled). The two exams that crashed also refused to upload after the exam. I just kept getting an error about how my computer was not connected to the internet, which was objectively false. Fairly simple solution: Examplify saves your stuff locally throughout the exam, every 60 seconds. The Examplify folder contains a (I would assume encrypted) copy of your exam, so if it fails to upload, you just have to send Examsoft a .zip file of your Examplify folder, and they can manually upload it.

Any comments or thoughts are appreciated.
Jump to: